Claw Score

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for an external audit, but it sends sensitive workspace and agent-context files to a third party with limited scoping and unclear retention.

Review the exact files and the final sanitized payload before using this skill. Do not run it on workspaces containing secrets, private user notes, customer data, or internal security instructions unless you are comfortable sending that information to the listed external service and, if you use the fallback, by email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The privacy statement is internally inconsistent: it says submitted data is not stored beyond the audit session, yet the service promises a report delivered by email within 24–48 hours. That strongly implies retention of submitted content or derived artifacts long enough to process and deliver results, which can mislead users about data handling and consent for sensitive workspace material.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill instructs users to transmit multiple workspace markdown files plus a file tree to a third party, but it understates the sensitivity of those artifacts. Files like AGENTS.md, MEMORY.md, USER.md, and SECURITY.md can contain internal policies, user context, secrets-adjacent data, or operational metadata, so sending them off-box creates meaningful confidentiality and privacy risk even if some pattern-based sanitization is attempted.

Ssd 3

Medium
Confidence
97% confidence
Finding
This is a true data-exposure risk because the skill explicitly encourages submission of broad context files, including memory and user-context material, to an external auditor. In this skill context, those files are especially sensitive: they can reveal behavioral instructions, personal context, internal security posture, and workspace structure, making unauthorized disclosure or over-collection materially dangerous.

Ssd 3

Medium
Confidence
96% confidence
Finding
The manual fallback asks users to email sanitized files and a response address to an external recipient, which normalizes ad hoc exfiltration of potentially sensitive workspace documents over email. Email is difficult to control, easy to misaddress, and often retained by multiple intermediaries, so this fallback meaningfully increases confidentiality and compliance risk.

External Transmission

Medium
Category
Data Exfiltration
Content
if [[ $REPLY =~ ^[Yy]$ ]]; then
    echo "Submitting..."
    RESPONSE=$(curl -s -X POST "$WEBHOOK_URL" \
        -H "Content-Type: application/json" \
        -d "$PAYLOAD")
Confidence
92% confidence
Finding
curl -s -X POST "$WEBHOOK_URL" \ -H "Content-Type: application/json" \ -d

VirusTotal

64/64 vendors flagged this skill as clean.
